Privacy Policy

Philippines Vastness Lending Corporation (referred to as "we," "us," or "our") values your privacy and is committed to protecting your personal data. This privacy policy outlines how we collect, use, share, and protect your information when you use our mobile application (the "App") to access loan services in the Philippines. By using our App, you agree to the terms of this policy.

1. Data We Collect

We may collect the following types of data:

A. Personal Information

• Identification documents: Government-issued ID, self-verification selfies.
• Personal details: Name, gender, educational background, marital status.
• Employment information: Company details, industry, years of work experience.
• Contact information: Email address, phone number, address, emergency contacts.
• Financial information: Bank account details, credit history, income information.

B. Device and Technical Information

• Device data: Device type, device name, device brand, operating system (type, version), unique device identifiers (such as Android ID, MAC address, GAID), Wi-Fi information (Wi-Fi name, carrier name, Wi-Fi connection status, local IP address, screen resolution, jailbroken status), browser type and settings, device storage capacity and memory data (total capacity and usage), emulator usage status, app version.
• Location information (approximate): GPS address, latitude, longitude.

C. Behavioral Data

• Loan history, repayment behavior, and interactions with our customer support.

D. Third-Party and External Data

We may also collect data from external sources, including but not limited to:

• Information you provide: Information you submit directly (such as account updates, loan applications).
• Account analysis: Behavioral insights obtained from your use of our services.
• Public registries: Publicly available data from government databases or registries.
• Relevant agencies: Information shared by government agencies, regulatory bodies, or law enforcement.
• Telecom providers: Data obtained from mobile network operators with your consent.
• Third parties: Data obtained from partners, service providers, or publicly accessible platforms.

Important notes:

• We will only collect such data if we have your explicit consent or are legally permitted to do so (such as regulatory requirements).
• You guarantee that all information provided is accurate and not misleading.
• Vplus reserves the right to request additional documents to verify your identity or data.

2. Purposes of Data Collection

We use your data for the following legitimate purposes:

1. Loan processing: Verifying your identity to comply with know your customer (KYC) and anti-money laundering (AML) regulations.
2. Fraud prevention: Detecting and preventing fraudulent transactions or account takeovers.
3. Credit assessment: Conducting credit checks to evaluate your financial reliability and sharing credit data with authorized financial institutions for joint risk assessment.
4. Financial analysis: Analyzing your financial needs, spending patterns, and risk profile to tailor loan products.
5. Account management: Maintaining and securing your account, including transaction records, security protocols, and service access.
6. Data analysis: Generating insights to improve products, services, and operational efficiency.
7. Credit history management: Storing and referencing credit records for current or future loan evaluations.
8. Service improvement: Enhancing the functionality and user experience of the application, and providing personalized loan products.
9. Customer support: Addressing inquiries, resolving disputes, sending updates/reminders, and handling complaints.
10. Marketing and promotions: Sending transaction updates, reminders, and promotional offers (with your consent).
11. Debt collection: Enforcing repayment obligations and recovering overdue amounts.
12. Record verification: Cross-checking data accuracy with third parties to ensure reliability.
13. Experience optimization: Improving the features of the application, user experience, and business processes.
14. Business operations: Supporting financial planning, risk monitoring, auditing, and decision-making.
15. Legal compliance: Responding to subpoenas, regulatory requirements, or court orders.

3. How We Collect Data

If you decide to open an account with Philippines Vastness Lending Corporation and provide personal information to use our services (such as submitting a loan application, contacting customer support, or other related purposes), we will collect, process, and share various types of information. Please rest assured that we will only retain and use this information for the necessary period to fulfill the above purposes or as required by law.

4. Permissions and Purposes

To provide seamless service and ensure account security, Philippines Vastness Lending Corporation requires specific device permissions. Below is a detailed review of the permissions, their purposes, and safeguards:

A. Internet Access

Purpose:

• Support data transmission between devices and our servers to enable service functionality (such as loan applications, updates).
• Ensure real-time updates and secure communication.

B. Network State Check (ACCESS_NETWORK_STATE)

Purpose: Monitor the network connection status to optimize application performance and stability.

C. Notifications (POST_NOTIFICATIONS)

Purpose:

• Send urgent alerts (such as transaction confirmations, security alerts).
• Provide personalized promotions and service updates.

D. Wi-Fi Status Access (ACCESS_WIFI_STATE / CHANGE_WIFI_STATE)

Purpose:

• Optimize network performance by analyzing Wi-Fi connections.
• Automatically switch to a more reliable network to ensure uninterrupted service without manual operation.

E. Location Access (ACCESS_COARSE_LOCATION)

Purpose:

• Provide location-based services.
• Enhance fraud prevention by cross-referencing geographical data.

F. Camera Access

Purpose:

• Capture ID documents and real-time selfies for KYC verification.
• Enable document scanning and biometric authentication.

5. Deleting or Modifying Your Personal Information

A. Modifying Personal Information

You can update or correct your personal information in the following ways:

• Request Method: Send an email to [email protected], specifying the details needing modification (e.g., contact information, address).
• Processing Time: We will review and update your data within 5 business days of receiving the request.
• Verification: For significant changes (like government ID), additional verification documents may be required to ensure account security.

B. Deleting Personal Information

You can request the deletion of your personal data in the following ways:

1. Voluntary Deletion Request:
   • Send an email to [email protected] clearly requesting the deletion of all or part of your data.
   • Verification: You may need to provide an identity verification document (e.g., photo of your ID) and a reason for deletion.
   • Processing Time: Upon verification, all data will be deleted from all systems within 15 calendar days.
2. Manual Deletion Function:
   • Use the "Account Settings" section in the Philippines Vastness Lending Corporation app to delete your account and data.
   • Irreversible action: Deleted data cannot be restored. Please note that some data may need to be retained by law (such as transaction records).

C. Exceptions

The following data cannot be deleted under this policy:

• Records that are required by law to be retained (e.g., loan contracts, repayment history).
• Data shared with third-party service providers (requires cooperation from the third party to delete).

6. Data Disclosure

Philippines Vastness Lending Corporation values your privacy and will only share personal information as expressly permitted in this privacy policy. We may disclose your data to the following categories of recipients, strictly for the purposes listed in Section 2 (Purposes of Data Collection) and/or legal requirements:

A. Internal Affiliates and Service Providers

1. Affiliates/Subsidiaries: Philippines Vastness Lending Corporation and its holding companies, subsidiaries, affiliates, and related companies for operational, financial, or service-related functions.
2. Service Providers: Contractors, professional advisors (such as legal, audit), debt collection agencies, and third-party vendors handling data under our strict confidentiality agreements.

B. Credit and Financial Institutions

1. Credit Bureaus: National and local credit reporting agencies (such as credit bureaus, insurance companies, or rating agencies) for risk assessment, loan review, or fraud prevention.
2. Financial Partners: Financial service providers offering service products (such as payment gateways, loan disbursement platforms).

C. Legal and Regulatory Authorities

1. Regulatory Bodies: Government regulatory agencies (such as the Securities and Exchange Commission, Central Bank BSP), law enforcement agencies, or courts responding to legal obligations, investigations, or court orders.
2. Guarantors/Collateral Providers: Entities providing guarantees or collateral for your loan.

D. Business Partners and Stakeholders

1. Strategic Partners: Third parties launching specific products, promotions, or services in collaboration with Philippines Vastness Lending Corporation.
2. Rights Assignors: Entities that assign rights or obligations to you as per agreements made with you (for example, mergers, acquisitions, or debt assignments).

E. Other Legitimate Recipients

1. Enforcement Agents: Individuals/entities assisting in enforcing Philippines Vastness Lending Corporation contracts or legal rights.
2. Authorized Third Parties: Any party you explicitly grant consent to share your data with in writing or allow sharing through account settings (for example, integrations with trusted applications).

7. Data Retention

We will only retain your data for the necessary period to fulfill the purposes listed in this policy or as required by Philippine law. Below are the retention periods for specific categories of data:

A. Personal, Behavioral Data, and Third-Party and External Data

• Personal Information: Retained for 3 years after your last transaction with Philippines Vastness Lending Corporation, or immediately deleted upon account closure.
• Behavioral Data: Retained for 3 years after your last transaction with Philippines Vastness Lending Corporation or immediately deleted upon account closure.
• Third-Party and External Data: Retained for 3 years after your last transaction with Philippines Vastness Lending Corporation or immediately deleted upon account closure.

B. Device and Technical Data

• Device Data:
  • Activity Logs: Retained for 90 days.
  • Backup Records: Retained for up to 3 years for fraud prevention and risk analysis.
  • Deleted immediately upon account closure.
• Location Information:
  • Activity Logs: Retained for 90 days.
  • Backup Records: Retained for up to 3 years for fraud prevention and risk analysis.
  • Deleted immediately upon account closure.
• Device Memory Data:
  • Activity Logs: Retained for 90 days.
  • Backup Records: Retained for up to 3 years for fraud prevention and risk analysis.
  • Deleted immediately upon account closure.

C. Legal and Regulatory Exceptions

Data required to comply with Philippine law (such as Anti-Money Laundering Act, SEC reporting) will be retained for the minimum period required by regulatory bodies (typically 5-7 years).

8. Your Rights Under the Data Privacy Act (DPA)

As a user of Philippines Vastness Lending Corporation, you have the following rights under Philippine law. To exercise these rights, please contact us at [email protected] or submit a formal request through our customer service:

A. Right to Information

You have the right to know:

• What personal data we collect about you.
• How we use, share, or store your data (as outlined in Section 2 and Section 7).
• The purposes for processing your data and the legal basis for it.

B. Right to Access

You can request a copy of the personal data held by Philippines Vastness Lending Corporation, including:

• Copies of loan applications, transaction records, and account details.
• Documentation regarding how your data is shared with third parties.

C. Right to Correction

You can request corrections to inaccurate or incomplete data, such as:

• Outdated contact information.
• Errors in financial or identification documents.

D. Right to Deletion (Blocking)

You can request the deletion of your personal data unless legally required to retain it (for example, for tax, audit, or ongoing legal disputes). For example:

• Closing your account and requesting deletion of related data.
• Deleting stored chat records or unnecessary behavioral data.

E. Right to Restrict Processing

You can object to the processing of your data based on specific purposes, such as:

• Direct marketing (e.g., promotional emails).
• Profiling or behavioral analysis for credit scoring.

F. Right to Data Portability

You may request your data in a structured, machine-readable format (such as CSV, JSON) to transfer to another financial service provider.

G. Right to File Complaints

You have the right to raise objections regarding our processing of your personal information at any time. Please direct any inquiries, requests, concerns, complaints, or matters to exercise your rights related to personal information to Philippines Vastness Lending Corporation. Philippines Vastness Lending Corporation commits to quickly acknowledging your complaint and providing you with an initial timeline for response.

Please note that the listing and phrasing of the rights above may not exactly match the specific terms in the data privacy law. Please refer to the data privacy law for the exact list of rights you may have as a data subject. All rights mentioned in the law are implicitly included in this privacy policy and may be freely exercised by the data subject.

9. Protection of Personal Information

Philippines Vastness Lending Corporation is committed to protecting your personal information through a multi-layered security framework that adheres to Philippine law and international best practices (such as ISO 27001 standards). Here are key safeguards we implement:

A. Data Encryption

• In Transit: All data exchanged between devices and servers is encrypted using TLS 1.3 (Transport Layer Security).
• At Rest: Sensitive data (e.g., passwords, financial details) is encrypted using AES-256.

B. Access Control

• Role-Based Permissions: Strictly granting access to employees and contractors based on their job roles (such as customer support vs. system administrators).
• Multi-Factor Authentication (MFA): Enforced for access to internal systems that hold personal data.

C. Network Security

• Firewalls and Intrusion Detection: Deployed to monitor and block unauthorized access attempts.
• Regular Penetration Testing: Conducted quarterly to identify and remediate vulnerabilities.

D. Data Backup and Recovery

• Backup Frequency:
  • Active Data: Daily incremental backups.
  • Long-term Retention: Weekly full backups stored in geographically dispersed secure facilities.
  • Retention Period: Backup data is retained for 3 years as required by the SEC for disaster recovery.

E. Employee Training

• Annual Security Training: Covering phishing prevention, data handling protocols, and incident reporting.
• Role-Specific Workshops: Training IT staff on secure coding practices and third-party vendor risk management.

F. Third-Party Vendor Management

• Contractual Obligations: Service providers (e.g., cloud hosts, payment gateways) must adhere to our data processing addendum (DPA).
• Audit Rights: Vplus reserves the right to audit third-party compliance to ensure security standards are met.

G. Incident Response

• Incident Protocol: Urgent containment measures within 72 hours upon discovery, conducting forensic analysis, and notifying affected users and regulatory agencies (such as SEC, BSP).
• User Communication: Providing transparent updates via email/SMS if your data is compromised.

H. Continuous Improvement

• Risk Assessments: Semi-annual evaluations of security measures to adapt to emerging threats (e.g., AI-driven fraud patterns).
• Policy Updates: Regular revisions to reflect technological advancements and regulatory changes.

However, while we invest substantially in protecting your personal information, no institution can guarantee absolute security.

10. Collection and Processing of Sensitive Data

All collected sensitive data will be transmitted to our secure servers at platform-api.vastness-ph.com. We ensure the security and confidentiality of data during transmission.

11. Third-Party SDKs and Services

To enhance service delivery, we integrate trusted third-party SDKs and services. Here’s a detailed review of their purposes, data handling practices, and compliance measures:

A. Firebase SDK

Purpose:

• Notifications: Providing real-time alerts (e.g., transaction updates, security reminders).
• Analytics: Tracking application performance and user behavior through Google Analytics to optimize service delivery.
• Error Monitoring: Detecting and addressing technical issues (e.g., app crashes).

Data processed:

• Device information (e.g., device type, operating system version).
• Usage records (e.g., app session durations, feature interactions).

B. Adjust SDK

Purpose:

• Ad Analytics: Measuring the effectiveness of advertising campaigns (e.g., user acquisition, conversion rates).
• User Attribution: Tracking referral sources to enhance marketing strategies.

Data processed:

• Advertising ID (e.g., Google Advertising ID, Apple IDFA).
• In-app activities (e.g., ad clicks, content downloads).

C. Facial Recognition SDK

Purpose:

• KYC (Know Your Customer): Verifying user identities during account creation or transactions through facial recognition.
• Fraud Prevention: Detecting identity fraud by comparing biometric data with registered records.

Data processed:

• Facial biometrics (encrypted during transmission and storage).
• Device camera access (obtained with user consent).

12. Children's Privacy

Our application is not aimed at users under the age of 18. Parents or guardians must supervise minors using the application.

13. Changes to This Policy

We reserve the right to update this privacy policy periodically to reflect regulatory changes, operational improvements, or enhanced user protection measures. All updates will be published promptly on our customer service page and through in-app notifications. We encourage users to review this policy regularly to understand how their data is managed.

14. User Agreement

By continuing to use Philippines Vastness Lending Corporation services after this privacy policy is amended, you expressly agree to the revised terms. Your continued use constitutes acceptance of the updated policy.

15. Contact Us

For inquiries regarding this privacy policy or our data handling practices, please contact us:

Support Email: [email protected]

Address: Avida Cityflex Towers BGC, 7th Avenue, North Bonifacio Global City Taguig NCR 1635